2229 lines
56 KiB
C
2229 lines
56 KiB
C
/* $NetBSD: bozohttpd.c,v 1.33 2013/03/09 21:36:04 mrg Exp $ */
|
|
|
|
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
|
|
|
|
/*
|
|
* Copyright (c) 1997-2011 Matthew R. Green
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer and
|
|
* dedication in the documentation and/or other materials provided
|
|
* with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
|
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
*/
|
|
|
|
/* this program is dedicated to the Great God of Processed Cheese */
|
|
|
|
/*
|
|
* bozohttpd.c: minimal httpd; provides only these features:
|
|
* - HTTP/0.9 (by virtue of ..)
|
|
* - HTTP/1.0
|
|
* - HTTP/1.1
|
|
* - CGI/1.1 this will only be provided for "system" scripts
|
|
* - automatic "missing trailing slash" redirections
|
|
* - configurable translation of /~user/ to ~user/public_html,
|
|
* however, this does not include cgi-bin support
|
|
* - access lists via libwrap via inetd/tcpd
|
|
* - virtual hosting
|
|
* - not that we do not even pretend to understand MIME, but
|
|
* rely only on the HTTP specification
|
|
* - ipv6 support
|
|
* - automatic `index.html' generation
|
|
* - configurable server name
|
|
* - directory index generation
|
|
* - daemon mode (lacks libwrap support)
|
|
* - .htpasswd support
|
|
*/
|
|
|
|
/*
|
|
* requirements for minimal http/1.1 (at least, as documented in
|
|
* <draft-ietf-http-v11-spec-rev-06> which expired may 18, 1999):
|
|
*
|
|
* - 14.15: content-encoding handling. [1]
|
|
*
|
|
* - 14.16: content-length handling. this is only a SHOULD header
|
|
* thus we could just not send it ever. [1]
|
|
*
|
|
* - 14.17: content-type handling. [1]
|
|
*
|
|
* - 14.25/28: if-{,un}modified-since handling. maybe do this, but
|
|
* i really don't want to have to parse 3 differnet date formats
|
|
*
|
|
* [1] need to revisit to ensure proper behaviour
|
|
*
|
|
* and the following is a list of features that we do not need
|
|
* to have due to other limits, or are too lazy. there are more
|
|
* of these than are listed, but these are of particular note,
|
|
* and could perhaps be implemented.
|
|
*
|
|
* - 3.5/3.6: content/transfer codings. probably can ignore
|
|
* this? we "SHOULD"n't. but 4.4 says we should ignore a
|
|
* `content-length' header upon reciept of a `transfer-encoding'
|
|
* header.
|
|
*
|
|
* - 5.1.1: request methods. only MUST support GET and HEAD,
|
|
* but there are new ones besides POST that are currently
|
|
* supported: OPTIONS PUT DELETE TRACE and CONNECT, plus
|
|
* extensions not yet known?
|
|
*
|
|
* - 10.1: we can ignore informational status codes
|
|
*
|
|
* - 10.3.3/10.3.4/10.3.8: just use '302' codes always.
|
|
*
|
|
* - 14.1/14.2/14.3/14.27: we do not support Accept: headers..
|
|
* just ignore them and send the request anyway. they are
|
|
* only SHOULD.
|
|
*
|
|
* - 14.5/14.16/14.35: we don't do ranges. from section 14.35.2
|
|
* `A server MAY ignore the Range header'. but it might be nice.
|
|
* since 20080301 we support simple range headers.
|
|
*
|
|
* - 14.9: we aren't a cache.
|
|
*
|
|
* - 14.15: content-md5 would be nice...
|
|
*
|
|
* - 14.24/14.26/14.27: be nice to support this...
|
|
*
|
|
* - 14.44: not sure about this Vary: header. ignore it for now.
|
|
*/
|
|
|
|
#ifndef INDEX_HTML
|
|
#define INDEX_HTML "index.html"
|
|
#endif
|
|
#ifndef SERVER_SOFTWARE
|
|
#define SERVER_SOFTWARE "bozohttpd/20111118"
|
|
#endif
|
|
#ifndef DIRECT_ACCESS_FILE
|
|
#define DIRECT_ACCESS_FILE ".bzdirect"
|
|
#endif
|
|
#ifndef REDIRECT_FILE
|
|
#define REDIRECT_FILE ".bzredirect"
|
|
#endif
|
|
#ifndef ABSREDIRECT_FILE
|
|
#define ABSREDIRECT_FILE ".bzabsredirect"
|
|
#endif
|
|
#ifndef PUBLIC_HTML
|
|
#define PUBLIC_HTML "public_html"
|
|
#endif
|
|
|
|
#ifndef USE_ARG
|
|
#define USE_ARG(x) /*LINTED*/(void)&(x)
|
|
#endif
|
|
|
|
/*
|
|
* And so it begins ..
|
|
*/
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/time.h>
|
|
#include <sys/mman.h>
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <ctype.h>
|
|
#include <dirent.h>
|
|
#include <errno.h>
|
|
#include <fcntl.h>
|
|
#include <netdb.h>
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
#include <signal.h>
|
|
#include <stdarg.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <syslog.h>
|
|
#include <time.h>
|
|
#include <unistd.h>
|
|
|
|
#include "bozohttpd.h"
|
|
|
|
#ifndef MAX_WAIT_TIME
|
|
#define MAX_WAIT_TIME 60 /* hang around for 60 seconds max */
|
|
#endif
|
|
|
|
/* variables and functions */
|
|
#ifndef LOG_FTP
|
|
#define LOG_FTP LOG_DAEMON
|
|
#endif
|
|
|
|
volatile sig_atomic_t alarmhit;
|
|
|
|
/*
|
|
* check there's enough space in the prefs and names arrays.
|
|
*/
|
|
static int
|
|
size_arrays(bozoprefs_t *bozoprefs, unsigned needed)
|
|
{
|
|
char **temp;
|
|
|
|
if (bozoprefs->size == 0) {
|
|
/* only get here first time around */
|
|
bozoprefs->size = needed;
|
|
if ((bozoprefs->name = calloc(sizeof(char *), needed)) == NULL) {
|
|
(void) fprintf(stderr, "size_arrays: bad alloc\n");
|
|
return 0;
|
|
}
|
|
if ((bozoprefs->value = calloc(sizeof(char *), needed)) == NULL) {
|
|
free(bozoprefs->name);
|
|
(void) fprintf(stderr, "size_arrays: bad alloc\n");
|
|
return 0;
|
|
}
|
|
} else if (bozoprefs->c == bozoprefs->size) {
|
|
/* only uses 'needed' when filled array */
|
|
bozoprefs->size += needed;
|
|
temp = realloc(bozoprefs->name, sizeof(char *) * needed);
|
|
if (temp == NULL) {
|
|
(void) fprintf(stderr, "size_arrays: bad alloc\n");
|
|
return 0;
|
|
}
|
|
bozoprefs->name = temp;
|
|
temp = realloc(bozoprefs->value, sizeof(char *) * needed);
|
|
if (temp == NULL) {
|
|
(void) fprintf(stderr, "size_arrays: bad alloc\n");
|
|
return 0;
|
|
}
|
|
bozoprefs->value = temp;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
static int
|
|
findvar(bozoprefs_t *bozoprefs, const char *name)
|
|
{
|
|
unsigned i;
|
|
|
|
for (i = 0 ; i < bozoprefs->c && strcmp(bozoprefs->name[i], name) != 0; i++)
|
|
;
|
|
return (i == bozoprefs->c) ? -1 : (int)i;
|
|
}
|
|
|
|
int
|
|
bozo_set_pref(bozoprefs_t *bozoprefs, const char *name, const char *value)
|
|
{
|
|
int i;
|
|
|
|
if ((i = findvar(bozoprefs, name)) < 0) {
|
|
/* add the element to the array */
|
|
if (size_arrays(bozoprefs, bozoprefs->size + 15)) {
|
|
bozoprefs->name[i = bozoprefs->c++] = strdup(name);
|
|
}
|
|
} else {
|
|
/* replace the element in the array */
|
|
if (bozoprefs->value[i]) {
|
|
free(bozoprefs->value[i]);
|
|
bozoprefs->value[i] = NULL;
|
|
}
|
|
}
|
|
/* sanity checks for range of values go here */
|
|
bozoprefs->value[i] = strdup(value);
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* get a variable's value, or NULL
|
|
*/
|
|
char *
|
|
bozo_get_pref(bozoprefs_t *bozoprefs, const char *name)
|
|
{
|
|
int i;
|
|
|
|
return ((i = findvar(bozoprefs, name)) < 0) ? NULL :
|
|
bozoprefs->value[i];
|
|
}
|
|
|
|
char *
|
|
bozo_http_date(char *date, size_t datelen)
|
|
{
|
|
struct tm *tm;
|
|
time_t now;
|
|
|
|
/* Sun, 06 Nov 1994 08:49:37 GMT */
|
|
now = time(NULL);
|
|
tm = gmtime(&now); /* HTTP/1.1 spec rev 06 sez GMT only */
|
|
strftime(date, datelen, "%a, %d %b %Y %H:%M:%S GMT", tm);
|
|
return date;
|
|
}
|
|
|
|
/*
|
|
* convert "in" into the three parts of a request (first line).
|
|
* we allocate into file and query, but return pointers into
|
|
* "in" for proto and method.
|
|
*/
|
|
static void
|
|
parse_request(bozohttpd_t *httpd, char *in, char **method, char **file,
|
|
char **query, char **proto)
|
|
{
|
|
ssize_t len;
|
|
char *val;
|
|
|
|
USE_ARG(httpd);
|
|
debug((httpd, DEBUG_EXPLODING, "parse in: %s", in));
|
|
*method = *file = *query = *proto = NULL;
|
|
|
|
len = (ssize_t)strlen(in);
|
|
val = bozostrnsep(&in, " \t\n\r", &len);
|
|
if (len < 1 || val == NULL)
|
|
return;
|
|
*method = val;
|
|
|
|
while (*in == ' ' || *in == '\t')
|
|
in++;
|
|
val = bozostrnsep(&in, " \t\n\r", &len);
|
|
if (len < 1) {
|
|
if (len == 0)
|
|
*file = val;
|
|
else
|
|
*file = in;
|
|
} else {
|
|
*file = val;
|
|
|
|
*query = strchr(*file, '?');
|
|
if (*query)
|
|
*(*query)++ = '\0';
|
|
|
|
if (in) {
|
|
while (*in && (*in == ' ' || *in == '\t'))
|
|
in++;
|
|
if (*in)
|
|
*proto = in;
|
|
}
|
|
}
|
|
|
|
/* allocate private copies */
|
|
*file = bozostrdup(httpd, *file);
|
|
if (*query)
|
|
*query = bozostrdup(httpd, *query);
|
|
|
|
debug((httpd, DEBUG_FAT,
|
|
"url: method: \"%s\" file: \"%s\" query: \"%s\" proto: \"%s\"",
|
|
*method, *file, *query, *proto));
|
|
}
|
|
|
|
/*
|
|
* cleanup a bozo_httpreq_t after use
|
|
*/
|
|
void
|
|
bozo_clean_request(bozo_httpreq_t *request)
|
|
{
|
|
struct bozoheaders *hdr, *ohdr = NULL;
|
|
|
|
if (request == NULL)
|
|
return;
|
|
|
|
/* If SSL enabled cleanup SSL structure. */
|
|
bozo_ssl_destroy(request->hr_httpd);
|
|
|
|
/* clean up request */
|
|
#define MF(x) if (request->x) free(request->x)
|
|
MF(hr_remotehost);
|
|
MF(hr_remoteaddr);
|
|
MF(hr_serverport);
|
|
MF(hr_file);
|
|
MF(hr_oldfile);
|
|
MF(hr_query);
|
|
#undef MF
|
|
bozo_auth_cleanup(request);
|
|
for (hdr = SIMPLEQ_FIRST(&request->hr_headers); hdr;
|
|
hdr = SIMPLEQ_NEXT(hdr, h_next)) {
|
|
free(hdr->h_value);
|
|
free(hdr->h_header);
|
|
if (ohdr)
|
|
free(ohdr);
|
|
ohdr = hdr;
|
|
}
|
|
if (ohdr)
|
|
free(ohdr);
|
|
|
|
free(request);
|
|
}
|
|
|
|
/*
|
|
* send a HTTP/1.1 408 response if we timeout.
|
|
*/
|
|
/* ARGSUSED */
|
|
static void
|
|
alarmer(int sig)
|
|
{
|
|
alarmhit = 1;
|
|
}
|
|
|
|
/*
|
|
* add or merge this header (val: str) into the requests list
|
|
*/
|
|
static bozoheaders_t *
|
|
addmerge_header(bozo_httpreq_t *request, char *val,
|
|
char *str, ssize_t len)
|
|
{
|
|
struct bozoheaders *hdr;
|
|
|
|
USE_ARG(len);
|
|
/* do we exist already? */
|
|
SIMPLEQ_FOREACH(hdr, &request->hr_headers, h_next) {
|
|
if (strcasecmp(val, hdr->h_header) == 0)
|
|
break;
|
|
}
|
|
|
|
if (hdr) {
|
|
/* yup, merge it in */
|
|
char *nval;
|
|
|
|
if (asprintf(&nval, "%s, %s", hdr->h_value, str) == -1) {
|
|
(void)bozo_http_error(request->hr_httpd, 500, NULL,
|
|
"memory allocation failure");
|
|
return NULL;
|
|
}
|
|
free(hdr->h_value);
|
|
hdr->h_value = nval;
|
|
} else {
|
|
/* nope, create a new one */
|
|
|
|
hdr = bozomalloc(request->hr_httpd, sizeof *hdr);
|
|
hdr->h_header = bozostrdup(request->hr_httpd, val);
|
|
if (str && *str)
|
|
hdr->h_value = bozostrdup(request->hr_httpd, str);
|
|
else
|
|
hdr->h_value = bozostrdup(request->hr_httpd, " ");
|
|
|
|
SIMPLEQ_INSERT_TAIL(&request->hr_headers, hdr, h_next);
|
|
request->hr_nheaders++;
|
|
}
|
|
|
|
return hdr;
|
|
}
|
|
|
|
/*
|
|
* as the prototype string is not constant (eg, "HTTP/1.1" is equivalent
|
|
* to "HTTP/001.01"), we MUST parse this.
|
|
*/
|
|
static int
|
|
process_proto(bozo_httpreq_t *request, const char *proto)
|
|
{
|
|
char majorstr[16], *minorstr;
|
|
int majorint, minorint;
|
|
|
|
if (proto == NULL) {
|
|
got_proto_09:
|
|
request->hr_proto = request->hr_httpd->consts.http_09;
|
|
debug((request->hr_httpd, DEBUG_FAT, "request %s is http/0.9",
|
|
request->hr_file));
|
|
return 0;
|
|
}
|
|
|
|
if (strncasecmp(proto, "HTTP/", 5) != 0)
|
|
goto bad;
|
|
strncpy(majorstr, proto + 5, sizeof majorstr);
|
|
majorstr[sizeof(majorstr)-1] = 0;
|
|
minorstr = strchr(majorstr, '.');
|
|
if (minorstr == NULL)
|
|
goto bad;
|
|
*minorstr++ = 0;
|
|
|
|
majorint = atoi(majorstr);
|
|
minorint = atoi(minorstr);
|
|
|
|
switch (majorint) {
|
|
case 0:
|
|
if (minorint != 9)
|
|
break;
|
|
goto got_proto_09;
|
|
case 1:
|
|
if (minorint == 0)
|
|
request->hr_proto = request->hr_httpd->consts.http_10;
|
|
else if (minorint == 1)
|
|
request->hr_proto = request->hr_httpd->consts.http_11;
|
|
else
|
|
break;
|
|
|
|
debug((request->hr_httpd, DEBUG_FAT, "request %s is %s",
|
|
request->hr_file, request->hr_proto));
|
|
SIMPLEQ_INIT(&request->hr_headers);
|
|
request->hr_nheaders = 0;
|
|
return 0;
|
|
}
|
|
bad:
|
|
return bozo_http_error(request->hr_httpd, 404, NULL, "unknown prototype");
|
|
}
|
|
|
|
/*
|
|
* process each type of HTTP method, setting this HTTP requests
|
|
# method type.
|
|
*/
|
|
static struct method_map {
|
|
const char *name;
|
|
int type;
|
|
} method_map[] = {
|
|
{ "GET", HTTP_GET, },
|
|
{ "POST", HTTP_POST, },
|
|
{ "HEAD", HTTP_HEAD, },
|
|
#if 0 /* other non-required http/1.1 methods */
|
|
{ "OPTIONS", HTTP_OPTIONS, },
|
|
{ "PUT", HTTP_PUT, },
|
|
{ "DELETE", HTTP_DELETE, },
|
|
{ "TRACE", HTTP_TRACE, },
|
|
{ "CONNECT", HTTP_CONNECT, },
|
|
#endif
|
|
{ NULL, 0, },
|
|
};
|
|
|
|
static int
|
|
process_method(bozo_httpreq_t *request, const char *method)
|
|
{
|
|
struct method_map *mmp;
|
|
|
|
if (request->hr_proto == request->hr_httpd->consts.http_11)
|
|
request->hr_allow = "GET, HEAD, POST";
|
|
|
|
for (mmp = method_map; mmp->name; mmp++)
|
|
if (strcasecmp(method, mmp->name) == 0) {
|
|
request->hr_method = mmp->type;
|
|
request->hr_methodstr = mmp->name;
|
|
return 0;
|
|
}
|
|
|
|
return bozo_http_error(request->hr_httpd, 404, request, "unknown method");
|
|
}
|
|
|
|
/*
|
|
* This function reads a http request from stdin, returning a pointer to a
|
|
* bozo_httpreq_t structure, describing the request.
|
|
*/
|
|
bozo_httpreq_t *
|
|
bozo_read_request(bozohttpd_t *httpd)
|
|
{
|
|
struct sigaction sa;
|
|
char *str, *val, *method, *file, *proto, *query;
|
|
char *host, *addr, *port;
|
|
char bufport[10];
|
|
char hbuf[NI_MAXHOST], abuf[NI_MAXHOST];
|
|
struct sockaddr_storage ss;
|
|
ssize_t len;
|
|
int line = 0;
|
|
socklen_t slen;
|
|
bozo_httpreq_t *request;
|
|
|
|
/*
|
|
* if we're in daemon mode, bozo_daemon_fork() will return here twice
|
|
* for each call. once in the child, returning 0, and once in the
|
|
* parent, returning 1. for each child, then we can setup SSL, and
|
|
* the parent can signal the caller there was no request to process
|
|
* and it will wait for another.
|
|
*/
|
|
if (bozo_daemon_fork(httpd))
|
|
return NULL;
|
|
bozo_ssl_accept(httpd);
|
|
|
|
request = bozomalloc(httpd, sizeof(*request));
|
|
memset(request, 0, sizeof(*request));
|
|
request->hr_httpd = httpd;
|
|
request->hr_allow = request->hr_host = NULL;
|
|
request->hr_content_type = request->hr_content_length = NULL;
|
|
request->hr_range = NULL;
|
|
request->hr_last_byte_pos = -1;
|
|
request->hr_if_modified_since = NULL;
|
|
request->hr_file = NULL;
|
|
request->hr_oldfile = NULL;
|
|
|
|
slen = sizeof(ss);
|
|
if (getpeername(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
|
|
host = addr = NULL;
|
|
else {
|
|
if (getnameinfo((struct sockaddr *)(void *)&ss, slen,
|
|
abuf, sizeof abuf, NULL, 0, NI_NUMERICHOST) == 0)
|
|
addr = abuf;
|
|
else
|
|
addr = NULL;
|
|
if (httpd->numeric == 0 &&
|
|
getnameinfo((struct sockaddr *)(void *)&ss, slen,
|
|
hbuf, sizeof hbuf, NULL, 0, 0) == 0)
|
|
host = hbuf;
|
|
else
|
|
host = NULL;
|
|
}
|
|
if (host != NULL)
|
|
request->hr_remotehost = bozostrdup(request->hr_httpd, host);
|
|
if (addr != NULL)
|
|
request->hr_remoteaddr = bozostrdup(request->hr_httpd, addr);
|
|
slen = sizeof(ss);
|
|
|
|
/*
|
|
* Override the bound port from the request value, so it works even
|
|
* if passed through a proxy that doesn't rewrite the port.
|
|
*/
|
|
if (httpd->bindport) {
|
|
if (strcmp(httpd->bindport, "80") != 0)
|
|
port = httpd->bindport;
|
|
else
|
|
port = NULL;
|
|
} else {
|
|
if (getsockname(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
|
|
port = NULL;
|
|
else {
|
|
if (getnameinfo((struct sockaddr *)(void *)&ss, slen, NULL, 0,
|
|
bufport, sizeof bufport, NI_NUMERICSERV) == 0)
|
|
port = bufport;
|
|
else
|
|
port = NULL;
|
|
}
|
|
}
|
|
if (port != NULL)
|
|
request->hr_serverport = bozostrdup(request->hr_httpd, port);
|
|
|
|
/*
|
|
* setup a timer to make sure the request is not hung
|
|
*/
|
|
sa.sa_handler = alarmer;
|
|
sigemptyset(&sa.sa_mask);
|
|
sigaddset(&sa.sa_mask, SIGALRM);
|
|
sa.sa_flags = 0;
|
|
sigaction(SIGALRM, &sa, NULL); /* XXX */
|
|
|
|
alarm(MAX_WAIT_TIME);
|
|
while ((str = bozodgetln(httpd, STDIN_FILENO, &len, bozo_read)) != NULL) {
|
|
alarm(0);
|
|
if (alarmhit) {
|
|
(void)bozo_http_error(httpd, 408, NULL,
|
|
"request timed out");
|
|
goto cleanup;
|
|
}
|
|
line++;
|
|
|
|
if (line == 1) {
|
|
|
|
if (len < 1) {
|
|
(void)bozo_http_error(httpd, 404, NULL,
|
|
"null method");
|
|
goto cleanup;
|
|
}
|
|
|
|
bozo_warn(httpd, "got request ``%s'' from host %s to port %s",
|
|
str,
|
|
host ? host : addr ? addr : "<local>",
|
|
port ? port : "<stdin>");
|
|
|
|
/* we allocate return space in file and query only */
|
|
parse_request(httpd, str, &method, &file, &query, &proto);
|
|
request->hr_file = file;
|
|
request->hr_query = query;
|
|
if (method == NULL) {
|
|
(void)bozo_http_error(httpd, 404, NULL,
|
|
"null method");
|
|
goto cleanup;
|
|
}
|
|
if (file == NULL) {
|
|
(void)bozo_http_error(httpd, 404, NULL,
|
|
"null file");
|
|
goto cleanup;
|
|
}
|
|
|
|
/*
|
|
* note that we parse the proto first, so that we
|
|
* can more properly parse the method and the url.
|
|
*/
|
|
|
|
if (process_proto(request, proto) ||
|
|
process_method(request, method)) {
|
|
goto cleanup;
|
|
}
|
|
|
|
debug((httpd, DEBUG_FAT, "got file \"%s\" query \"%s\"",
|
|
request->hr_file,
|
|
request->hr_query ? request->hr_query : "<none>"));
|
|
|
|
/* http/0.9 has no header processing */
|
|
if (request->hr_proto == httpd->consts.http_09)
|
|
break;
|
|
} else { /* incoming headers */
|
|
bozoheaders_t *hdr;
|
|
|
|
if (*str == '\0')
|
|
break;
|
|
|
|
val = bozostrnsep(&str, ":", &len);
|
|
debug((httpd, DEBUG_EXPLODING,
|
|
"read_req2: after bozostrnsep: str ``%s'' val ``%s''",
|
|
str, val));
|
|
if (val == NULL || len == -1) {
|
|
(void)bozo_http_error(httpd, 404, request,
|
|
"no header");
|
|
goto cleanup;
|
|
}
|
|
while (*str == ' ' || *str == '\t')
|
|
len--, str++;
|
|
while (*val == ' ' || *val == '\t')
|
|
val++;
|
|
|
|
if (bozo_auth_check_headers(request, val, str, len))
|
|
goto next_header;
|
|
|
|
hdr = addmerge_header(request, val, str, len);
|
|
|
|
if (strcasecmp(hdr->h_header, "content-type") == 0)
|
|
request->hr_content_type = hdr->h_value;
|
|
else if (strcasecmp(hdr->h_header, "content-length") == 0)
|
|
request->hr_content_length = hdr->h_value;
|
|
else if (strcasecmp(hdr->h_header, "host") == 0)
|
|
request->hr_host = hdr->h_value;
|
|
/* HTTP/1.1 rev06 draft spec: 14.20 */
|
|
else if (strcasecmp(hdr->h_header, "expect") == 0) {
|
|
(void)bozo_http_error(httpd, 417, request,
|
|
"we don't support Expect:");
|
|
goto cleanup;
|
|
}
|
|
else if (strcasecmp(hdr->h_header, "referrer") == 0 ||
|
|
strcasecmp(hdr->h_header, "referer") == 0)
|
|
request->hr_referrer = hdr->h_value;
|
|
else if (strcasecmp(hdr->h_header, "range") == 0)
|
|
request->hr_range = hdr->h_value;
|
|
else if (strcasecmp(hdr->h_header,
|
|
"if-modified-since") == 0)
|
|
request->hr_if_modified_since = hdr->h_value;
|
|
else if (strcasecmp(hdr->h_header,
|
|
"accept-encoding") == 0)
|
|
request->hr_accept_encoding = hdr->h_value;
|
|
|
|
debug((httpd, DEBUG_FAT, "adding header %s: %s",
|
|
hdr->h_header, hdr->h_value));
|
|
}
|
|
next_header:
|
|
alarm(MAX_WAIT_TIME);
|
|
}
|
|
|
|
/* now, clear it all out */
|
|
alarm(0);
|
|
signal(SIGALRM, SIG_DFL);
|
|
|
|
/* RFC1945, 8.3 */
|
|
if (request->hr_method == HTTP_POST &&
|
|
request->hr_content_length == NULL) {
|
|
(void)bozo_http_error(httpd, 400, request,
|
|
"missing content length");
|
|
goto cleanup;
|
|
}
|
|
|
|
/* HTTP/1.1 draft rev-06, 14.23 & 19.6.1.1 */
|
|
if (request->hr_proto == httpd->consts.http_11 &&
|
|
request->hr_host == NULL) {
|
|
(void)bozo_http_error(httpd, 400, request,
|
|
"missing Host header");
|
|
goto cleanup;
|
|
}
|
|
|
|
if (request->hr_range != NULL) {
|
|
debug((httpd, DEBUG_FAT, "hr_range: %s", request->hr_range));
|
|
/* support only simple ranges %d- and %d-%d */
|
|
if (strchr(request->hr_range, ',') == NULL) {
|
|
const char *rstart, *dash;
|
|
|
|
rstart = strchr(request->hr_range, '=');
|
|
if (rstart != NULL) {
|
|
rstart++;
|
|
dash = strchr(rstart, '-');
|
|
if (dash != NULL && dash != rstart) {
|
|
dash++;
|
|
request->hr_have_range = 1;
|
|
request->hr_first_byte_pos =
|
|
strtoll(rstart, NULL, 10);
|
|
if (request->hr_first_byte_pos < 0)
|
|
request->hr_first_byte_pos = 0;
|
|
if (*dash != '\0') {
|
|
request->hr_last_byte_pos =
|
|
strtoll(dash, NULL, 10);
|
|
if (request->hr_last_byte_pos < 0)
|
|
request->hr_last_byte_pos = -1;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
debug((httpd, DEBUG_FAT, "bozo_read_request returns url %s in request",
|
|
request->hr_file));
|
|
return request;
|
|
|
|
cleanup:
|
|
bozo_clean_request(request);
|
|
|
|
return NULL;
|
|
}
|
|
|
|
static int
|
|
mmap_and_write_part(bozohttpd_t *httpd, int fd, off_t first_byte_pos, size_t sz)
|
|
{
|
|
size_t mappedsz, wroffset;
|
|
off_t mappedoffset;
|
|
char *addr;
|
|
void *mappedaddr;
|
|
|
|
/*
|
|
* we need to ensure that both the size *and* offset arguments to
|
|
* mmap() are page-aligned. our formala for this is:
|
|
*
|
|
* input offset: first_byte_pos
|
|
* input size: sz
|
|
*
|
|
* mapped offset = page align truncate (input offset)
|
|
* mapped size =
|
|
* page align extend (input offset - mapped offset + input size)
|
|
* write offset = input offset - mapped offset
|
|
*
|
|
* we use the write offset in all writes
|
|
*/
|
|
mappedoffset = first_byte_pos & ~(httpd->page_size - 1);
|
|
mappedsz = (size_t)
|
|
(first_byte_pos - mappedoffset + sz + httpd->page_size - 1) &
|
|
~(httpd->page_size - 1);
|
|
wroffset = (size_t)(first_byte_pos - mappedoffset);
|
|
|
|
addr = mmap(0, mappedsz, PROT_READ, MAP_SHARED, fd, mappedoffset);
|
|
if (addr == (char *)-1) {
|
|
bozo_warn(httpd, "mmap failed: %s", strerror(errno));
|
|
return -1;
|
|
}
|
|
mappedaddr = addr;
|
|
|
|
#ifdef MADV_SEQUENTIAL
|
|
(void)madvise(addr, sz, MADV_SEQUENTIAL);
|
|
#endif
|
|
while (sz > BOZO_WRSZ) {
|
|
if (bozo_write(httpd, STDOUT_FILENO, addr + wroffset,
|
|
BOZO_WRSZ) != BOZO_WRSZ) {
|
|
bozo_warn(httpd, "write failed: %s", strerror(errno));
|
|
goto out;
|
|
}
|
|
debug((httpd, DEBUG_OBESE, "wrote %d bytes", BOZO_WRSZ));
|
|
sz -= BOZO_WRSZ;
|
|
addr += BOZO_WRSZ;
|
|
}
|
|
if (sz && (size_t)bozo_write(httpd, STDOUT_FILENO, addr + wroffset,
|
|
sz) != sz) {
|
|
bozo_warn(httpd, "final write failed: %s", strerror(errno));
|
|
goto out;
|
|
}
|
|
debug((httpd, DEBUG_OBESE, "wrote %d bytes", (int)sz));
|
|
out:
|
|
if (munmap(mappedaddr, mappedsz) < 0) {
|
|
bozo_warn(httpd, "munmap failed");
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
parse_http_date(const char *val, time_t *timestamp)
|
|
{
|
|
char *remainder;
|
|
struct tm tm;
|
|
|
|
if ((remainder = strptime(val, "%a, %d %b %Y %T GMT", &tm)) == NULL &&
|
|
(remainder = strptime(val, "%a, %d-%b-%y %T GMT", &tm)) == NULL &&
|
|
(remainder = strptime(val, "%a %b %d %T %Y", &tm)) == NULL)
|
|
return 0; /* Invalid HTTP date format */
|
|
|
|
if (*remainder)
|
|
return 0; /* No trailing garbage */
|
|
|
|
*timestamp = timegm(&tm);
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* given an url, encode it ala rfc 3986. ie, escape ? and friends.
|
|
* note that this function returns a static buffer, and thus needs
|
|
* to be updated for any sort of parallel processing.
|
|
*/
|
|
char *
|
|
escape_rfc3986(bozohttpd_t *httpd, const char *url)
|
|
{
|
|
static char *buf;
|
|
static size_t buflen = 0;
|
|
size_t len;
|
|
const char *s;
|
|
char *d;
|
|
|
|
len = strlen(url);
|
|
if (buflen < len * 3 + 1) {
|
|
buflen = len * 3 + 1;
|
|
buf = bozorealloc(httpd, buf, buflen);
|
|
}
|
|
|
|
if (url == NULL) {
|
|
buf[0] = 0;
|
|
return buf;
|
|
}
|
|
|
|
for (len = 0, s = url, d = buf; *s;) {
|
|
if (*s & 0x80)
|
|
goto encode_it;
|
|
switch (*s) {
|
|
case ':':
|
|
case '/':
|
|
case '?':
|
|
case '#':
|
|
case '[':
|
|
case ']':
|
|
case '@':
|
|
case '!':
|
|
case '$':
|
|
case '&':
|
|
case '\'':
|
|
case '(':
|
|
case ')':
|
|
case '*':
|
|
case '+':
|
|
case ',':
|
|
case ';':
|
|
case '=':
|
|
case '%':
|
|
encode_it:
|
|
snprintf(d, 4, "%%%2X", *s++);
|
|
d += 3;
|
|
len += 3;
|
|
break;
|
|
default:
|
|
*d++ = *s++;
|
|
len++;
|
|
break;
|
|
}
|
|
}
|
|
buf[len] = 0;
|
|
|
|
return buf;
|
|
}
|
|
|
|
/*
|
|
* checks to see if this request has a valid .bzdirect file. returns
|
|
* 0 on failure and 1 on success.
|
|
*/
|
|
static int
|
|
check_direct_access(bozo_httpreq_t *request)
|
|
{
|
|
FILE *fp;
|
|
struct stat sb;
|
|
char dir[MAXPATHLEN], dirfile[MAXPATHLEN], *basename;
|
|
|
|
snprintf(dir, sizeof(dir), "%s", request->hr_file + 1);
|
|
debug((request->hr_httpd, DEBUG_FAT, "check_bzredirect: dir %s", dir));
|
|
basename = strrchr(dir, '/');
|
|
|
|
if ((!basename || basename[1] != '\0') &&
|
|
lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode))
|
|
/* nothing */;
|
|
else if (basename == NULL)
|
|
strcpy(dir, ".");
|
|
else {
|
|
*basename++ = '\0';
|
|
bozo_check_special_files(request, basename);
|
|
}
|
|
|
|
snprintf(dirfile, sizeof(dirfile), "%s/%s", dir, DIRECT_ACCESS_FILE);
|
|
if (stat(dirfile, &sb) < 0 ||
|
|
(fp = fopen(dirfile, "r")) == NULL)
|
|
return 0;
|
|
fclose(fp);
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* do automatic redirection -- if there are query parameters for the URL
|
|
* we will tack these on to the new (redirected) URL.
|
|
*/
|
|
static void
|
|
handle_redirect(bozo_httpreq_t *request,
|
|
const char *url, int absolute)
|
|
{
|
|
bozohttpd_t *httpd = request->hr_httpd;
|
|
char *urlbuf;
|
|
char portbuf[20];
|
|
int query = 0;
|
|
|
|
if (url == NULL) {
|
|
if (asprintf(&urlbuf, "/%s/", request->hr_file) < 0)
|
|
bozo_err(httpd, 1, "asprintf");
|
|
url = urlbuf;
|
|
} else
|
|
urlbuf = NULL;
|
|
url = escape_rfc3986(request->hr_httpd, url);
|
|
|
|
if (request->hr_query && strlen(request->hr_query))
|
|
query = 1;
|
|
|
|
if (request->hr_serverport && strcmp(request->hr_serverport, "80") != 0)
|
|
snprintf(portbuf, sizeof(portbuf), ":%s",
|
|
request->hr_serverport);
|
|
else
|
|
portbuf[0] = '\0';
|
|
bozo_warn(httpd, "redirecting %s%s%s", httpd->virthostname, portbuf, url);
|
|
debug((httpd, DEBUG_FAT, "redirecting %s", url));
|
|
bozo_printf(httpd, "%s 301 Document Moved\r\n", request->hr_proto);
|
|
if (request->hr_proto != httpd->consts.http_09)
|
|
bozo_print_header(request, NULL, "text/html", NULL);
|
|
if (request->hr_proto != httpd->consts.http_09) {
|
|
bozo_printf(httpd, "Location: http://");
|
|
if (absolute == 0)
|
|
bozo_printf(httpd, "%s%s", httpd->virthostname, portbuf);
|
|
if (query) {
|
|
bozo_printf(httpd, "%s?%s\r\n", url, request->hr_query);
|
|
} else {
|
|
bozo_printf(httpd, "%s\r\n", url);
|
|
}
|
|
}
|
|
bozo_printf(httpd, "\r\n");
|
|
if (request->hr_method == HTTP_HEAD)
|
|
goto head;
|
|
bozo_printf(httpd, "<html><head><title>Document Moved</title></head>\n");
|
|
bozo_printf(httpd, "<body><h1>Document Moved</h1>\n");
|
|
bozo_printf(httpd, "This document had moved <a href=\"http://");
|
|
if (query) {
|
|
if (absolute)
|
|
bozo_printf(httpd, "%s?%s", url, request->hr_query);
|
|
else
|
|
bozo_printf(httpd, "%s%s%s?%s", httpd->virthostname,
|
|
portbuf, url, request->hr_query);
|
|
} else {
|
|
if (absolute)
|
|
bozo_printf(httpd, "%s", url);
|
|
else
|
|
bozo_printf(httpd, "%s%s%s", httpd->virthostname,
|
|
portbuf, url);
|
|
}
|
|
bozo_printf(httpd, "\">here</a>\n");
|
|
bozo_printf(httpd, "</body></html>\n");
|
|
head:
|
|
bozo_flush(httpd, stdout);
|
|
if (urlbuf)
|
|
free(urlbuf);
|
|
}
|
|
|
|
/*
|
|
* deal with virtual host names; we do this:
|
|
* if we have a virtual path root (httpd->virtbase), and we are given a
|
|
* virtual host spec (Host: ho.st or http://ho.st/), see if this
|
|
* directory exists under httpd->virtbase. if it does, use this as the
|
|
# new slashdir.
|
|
*/
|
|
static int
|
|
check_virtual(bozo_httpreq_t *request)
|
|
{
|
|
bozohttpd_t *httpd = request->hr_httpd;
|
|
char *file = request->hr_file, *s;
|
|
size_t len;
|
|
|
|
if (!httpd->virtbase)
|
|
goto use_slashdir;
|
|
|
|
/*
|
|
* convert http://virtual.host/ to request->hr_host
|
|
*/
|
|
debug((httpd, DEBUG_OBESE, "checking for http:// virtual host in ``%s''",
|
|
file));
|
|
if (strncasecmp(file, "http://", 7) == 0) {
|
|
/* we would do virtual hosting here? */
|
|
file += 7;
|
|
s = strchr(file, '/');
|
|
/* HTTP/1.1 draft rev-06, 5.2: URI takes precedence over Host: */
|
|
request->hr_host = file;
|
|
request->hr_file = bozostrdup(request->hr_httpd, s ? s : "/");
|
|
debug((httpd, DEBUG_OBESE, "got host ``%s'' file is now ``%s''",
|
|
request->hr_host, request->hr_file));
|
|
} else if (!request->hr_host)
|
|
goto use_slashdir;
|
|
|
|
/*
|
|
* ok, we have a virtual host, use scandir(3) to find a case
|
|
* insensitive match for the virtual host we are asked for.
|
|
* note that if the virtual host is the same as the master,
|
|
* we don't need to do anything special.
|
|
*/
|
|
len = strlen(request->hr_host);
|
|
debug((httpd, DEBUG_OBESE,
|
|
"check_virtual: checking host `%s' under httpd->virtbase `%s' "
|
|
"for file `%s'",
|
|
request->hr_host, httpd->virtbase, request->hr_file));
|
|
if (strncasecmp(httpd->virthostname, request->hr_host, len) != 0) {
|
|
s = 0;
|
|
DIR *dirp;
|
|
struct dirent *d;
|
|
|
|
if ((dirp = opendir(httpd->virtbase)) != NULL) {
|
|
while ((d = readdir(dirp)) != NULL) {
|
|
if (strcmp(d->d_name, ".") == 0 ||
|
|
strcmp(d->d_name, "..") == 0) {
|
|
continue;
|
|
}
|
|
debug((httpd, DEBUG_OBESE, "looking at dir``%s''",
|
|
d->d_name));
|
|
if (strncasecmp(d->d_name, request->hr_host,
|
|
len) == 0) {
|
|
/* found it, punch it */
|
|
debug((httpd, DEBUG_OBESE, "found it punch it"));
|
|
httpd->virthostname = d->d_name;
|
|
if (asprintf(&s, "%s/%s", httpd->virtbase,
|
|
httpd->virthostname) < 0)
|
|
bozo_err(httpd, 1, "asprintf");
|
|
break;
|
|
}
|
|
}
|
|
closedir(dirp);
|
|
}
|
|
else {
|
|
debug((httpd, DEBUG_FAT, "opendir %s failed: %s",
|
|
httpd->virtbase, strerror(errno)));
|
|
}
|
|
if (s == 0) {
|
|
if (httpd->unknown_slash)
|
|
goto use_slashdir;
|
|
return bozo_http_error(httpd, 404, request,
|
|
"unknown URL");
|
|
}
|
|
} else
|
|
use_slashdir:
|
|
s = httpd->slashdir;
|
|
|
|
/*
|
|
* ok, nailed the correct slashdir, chdir to it
|
|
*/
|
|
if (chdir(s) < 0)
|
|
return bozo_http_error(httpd, 404, request,
|
|
"can't chdir to slashdir");
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* checks to see if this request has a valid .bzredirect file. returns
|
|
* 0 on failure and 1 on success.
|
|
*/
|
|
static void
|
|
check_bzredirect(bozo_httpreq_t *request)
|
|
{
|
|
struct stat sb;
|
|
char dir[MAXPATHLEN], redir[MAXPATHLEN], redirpath[MAXPATHLEN + 1];
|
|
char *basename, *finalredir;
|
|
int rv, absolute;
|
|
|
|
/*
|
|
* if this pathname is really a directory, but doesn't end in /,
|
|
* use it as the directory to look for the redir file.
|
|
*/
|
|
snprintf(dir, sizeof(dir), "%s", request->hr_file + 1);
|
|
debug((request->hr_httpd, DEBUG_FAT, "check_bzredirect: dir %s", dir));
|
|
basename = strrchr(dir, '/');
|
|
|
|
if ((!basename || basename[1] != '\0') &&
|
|
lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode))
|
|
/* nothing */;
|
|
else if (basename == NULL)
|
|
strcpy(dir, ".");
|
|
else {
|
|
*basename++ = '\0';
|
|
bozo_check_special_files(request, basename);
|
|
}
|
|
|
|
snprintf(redir, sizeof(redir), "%s/%s", dir, REDIRECT_FILE);
|
|
if (lstat(redir, &sb) == 0) {
|
|
if (!S_ISLNK(sb.st_mode))
|
|
return;
|
|
absolute = 0;
|
|
} else {
|
|
snprintf(redir, sizeof(redir), "%s/%s", dir, ABSREDIRECT_FILE);
|
|
if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode))
|
|
return;
|
|
absolute = 1;
|
|
}
|
|
debug((request->hr_httpd, DEBUG_FAT,
|
|
"check_bzredirect: calling readlink"));
|
|
rv = readlink(redir, redirpath, sizeof redirpath - 1);
|
|
if (rv == -1 || rv == 0) {
|
|
debug((request->hr_httpd, DEBUG_FAT, "readlink failed"));
|
|
return;
|
|
}
|
|
redirpath[rv] = '\0';
|
|
debug((request->hr_httpd, DEBUG_FAT,
|
|
"readlink returned \"%s\"", redirpath));
|
|
|
|
/* now we have the link pointer, redirect to the real place */
|
|
if (absolute)
|
|
finalredir = redirpath;
|
|
else
|
|
snprintf(finalredir = redir, sizeof(redir), "/%s/%s", dir,
|
|
redirpath);
|
|
|
|
debug((request->hr_httpd, DEBUG_FAT,
|
|
"check_bzredirect: new redir %s", finalredir));
|
|
handle_redirect(request, finalredir, absolute);
|
|
}
|
|
|
|
/* this fixes the %HH hack that RFC2396 requires. */
|
|
static void
|
|
fix_url_percent(bozo_httpreq_t *request)
|
|
{
|
|
bozohttpd_t *httpd = request->hr_httpd;
|
|
char *s, *t, buf[3], *url;
|
|
char *end; /* if end is not-zero, we don't translate beyond that */
|
|
|
|
url = request->hr_file;
|
|
|
|
end = url + strlen(url);
|
|
|
|
/* fast forward to the first % */
|
|
if ((s = strchr(url, '%')) == NULL)
|
|
return;
|
|
|
|
t = s;
|
|
do {
|
|
if (end && s >= end) {
|
|
debug((httpd, DEBUG_EXPLODING,
|
|
"fu_%%: past end, filling out.."));
|
|
while (*s)
|
|
*t++ = *s++;
|
|
break;
|
|
}
|
|
debug((httpd, DEBUG_EXPLODING,
|
|
"fu_%%: got s == %%, s[1]s[2] == %c%c",
|
|
s[1], s[2]));
|
|
if (s[1] == '\0' || s[2] == '\0') {
|
|
(void)bozo_http_error(httpd, 400, request,
|
|
"percent hack missing two chars afterwards");
|
|
goto copy_rest;
|
|
}
|
|
if (s[1] == '0' && s[2] == '0') {
|
|
(void)bozo_http_error(httpd, 404, request,
|
|
"percent hack was %00");
|
|
goto copy_rest;
|
|
}
|
|
if (s[1] == '2' && s[2] == 'f') {
|
|
(void)bozo_http_error(httpd, 404, request,
|
|
"percent hack was %2f (/)");
|
|
goto copy_rest;
|
|
}
|
|
|
|
buf[0] = *++s;
|
|
buf[1] = *++s;
|
|
buf[2] = '\0';
|
|
s++;
|
|
*t = (char)strtol(buf, NULL, 16);
|
|
debug((httpd, DEBUG_EXPLODING,
|
|
"fu_%%: strtol put '%02x' into *t", *t));
|
|
if (*t++ == '\0') {
|
|
(void)bozo_http_error(httpd, 400, request,
|
|
"percent hack got a 0 back");
|
|
goto copy_rest;
|
|
}
|
|
|
|
while (*s && *s != '%') {
|
|
if (end && s >= end)
|
|
break;
|
|
*t++ = *s++;
|
|
}
|
|
} while (*s);
|
|
copy_rest:
|
|
while (*s) {
|
|
if (s >= end)
|
|
break;
|
|
*t++ = *s++;
|
|
}
|
|
*t = '\0';
|
|
debug((httpd, DEBUG_FAT, "fix_url_percent returns %s in url",
|
|
request->hr_file));
|
|
}
|
|
|
|
/*
|
|
* transform_request does this:
|
|
* - ``expand'' %20 crapola
|
|
* - punt if it doesn't start with /
|
|
* - check httpd->untrustedref / referrer
|
|
* - look for "http://myname/" and deal with it.
|
|
* - maybe call bozo_process_cgi()
|
|
* - check for ~user and call bozo_user_transform() if so
|
|
* - if the length > 1, check for trailing slash. if so,
|
|
* add the index.html file
|
|
* - if the length is 1, return the index.html file
|
|
* - disallow anything ending up with a file starting
|
|
* at "/" or having ".." in it.
|
|
* - anything else is a really weird internal error
|
|
* - returns malloced file to serve, if unhandled
|
|
*/
|
|
static int
|
|
transform_request(bozo_httpreq_t *request, int *isindex)
|
|
{
|
|
bozohttpd_t *httpd = request->hr_httpd;
|
|
char *file, *newfile = NULL;
|
|
size_t len;
|
|
|
|
file = NULL;
|
|
*isindex = 0;
|
|
debug((httpd, DEBUG_FAT, "tf_req: file %s", request->hr_file));
|
|
fix_url_percent(request);
|
|
if (check_virtual(request)) {
|
|
goto bad_done;
|
|
}
|
|
file = request->hr_file;
|
|
|
|
if (file[0] != '/') {
|
|
(void)bozo_http_error(httpd, 404, request, "unknown URL");
|
|
goto bad_done;
|
|
}
|
|
|
|
check_bzredirect(request);
|
|
|
|
if (httpd->untrustedref) {
|
|
int to_indexhtml = 0;
|
|
|
|
#define TOP_PAGE(x) (strcmp((x), "/") == 0 || \
|
|
strcmp((x) + 1, httpd->index_html) == 0 || \
|
|
strcmp((x) + 1, "favicon.ico") == 0)
|
|
|
|
debug((httpd, DEBUG_EXPLODING, "checking httpd->untrustedref"));
|
|
/*
|
|
* first check that this path isn't allowed via .bzdirect file,
|
|
* and then check referrer; make sure that people come via the
|
|
* real name... otherwise if we aren't looking at / or
|
|
* /index.html, redirect... we also special case favicon.ico.
|
|
*/
|
|
if (check_direct_access(request))
|
|
/* nothing */;
|
|
else if (request->hr_referrer) {
|
|
const char *r = request->hr_referrer;
|
|
|
|
debug((httpd, DEBUG_FAT,
|
|
"checking referrer \"%s\" vs virthostname %s",
|
|
r, httpd->virthostname));
|
|
if (strncmp(r, "http://", 7) != 0 ||
|
|
(strncasecmp(r + 7, httpd->virthostname,
|
|
strlen(httpd->virthostname)) != 0 &&
|
|
!TOP_PAGE(file)))
|
|
to_indexhtml = 1;
|
|
} else {
|
|
const char *h = request->hr_host;
|
|
|
|
debug((httpd, DEBUG_FAT, "url has no referrer at all"));
|
|
/* if there's no referrer, let / or /index.html past */
|
|
if (!TOP_PAGE(file) ||
|
|
(h && strncasecmp(h, httpd->virthostname,
|
|
strlen(httpd->virthostname)) != 0))
|
|
to_indexhtml = 1;
|
|
}
|
|
|
|
if (to_indexhtml) {
|
|
char *slashindexhtml;
|
|
|
|
if (asprintf(&slashindexhtml, "/%s",
|
|
httpd->index_html) < 0)
|
|
bozo_err(httpd, 1, "asprintf");
|
|
debug((httpd, DEBUG_FAT,
|
|
"httpd->untrustedref: redirecting %s to %s",
|
|
file, slashindexhtml));
|
|
handle_redirect(request, slashindexhtml, 0);
|
|
free(slashindexhtml);
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
len = strlen(file);
|
|
if (/*CONSTCOND*/0) {
|
|
#ifndef NO_USER_SUPPORT
|
|
} else if (len > 1 && httpd->enable_users && file[1] == '~') {
|
|
if (file[2] == '\0') {
|
|
(void)bozo_http_error(httpd, 404, request,
|
|
"missing username");
|
|
goto bad_done;
|
|
}
|
|
if (strchr(file + 2, '/') == NULL) {
|
|
handle_redirect(request, NULL, 0);
|
|
return 0;
|
|
}
|
|
debug((httpd, DEBUG_FAT, "calling bozo_user_transform"));
|
|
|
|
return bozo_user_transform(request, isindex);
|
|
#endif /* NO_USER_SUPPORT */
|
|
} else if (len > 1) {
|
|
debug((httpd, DEBUG_FAT, "file[len-1] == %c", file[len-1]));
|
|
if (file[len-1] == '/') { /* append index.html */
|
|
*isindex = 1;
|
|
debug((httpd, DEBUG_FAT, "appending index.html"));
|
|
newfile = bozomalloc(httpd,
|
|
len + strlen(httpd->index_html) + 1);
|
|
strcpy(newfile, file + 1);
|
|
strcat(newfile, httpd->index_html);
|
|
} else
|
|
newfile = bozostrdup(request->hr_httpd, file + 1);
|
|
} else if (len == 1) {
|
|
debug((httpd, DEBUG_EXPLODING, "tf_req: len == 1"));
|
|
newfile = bozostrdup(request->hr_httpd, httpd->index_html);
|
|
*isindex = 1;
|
|
} else { /* len == 0 ? */
|
|
(void)bozo_http_error(httpd, 500, request,
|
|
"request->hr_file is nul?");
|
|
goto bad_done;
|
|
}
|
|
|
|
if (newfile == NULL) {
|
|
(void)bozo_http_error(httpd, 500, request, "internal failure");
|
|
goto bad_done;
|
|
}
|
|
|
|
/*
|
|
* look for "http://myname/" and deal with it as necessary.
|
|
*/
|
|
|
|
/*
|
|
* stop traversing outside our domain
|
|
*
|
|
* XXX true security only comes from our parent using chroot(2)
|
|
* before execve(2)'ing us. or our own built in chroot(2) support.
|
|
*/
|
|
if (*newfile == '/' || strcmp(newfile, "..") == 0 ||
|
|
strstr(newfile, "/..") || strstr(newfile, "../")) {
|
|
(void)bozo_http_error(httpd, 403, request, "illegal request");
|
|
goto bad_done;
|
|
}
|
|
|
|
if (bozo_auth_check(request, newfile))
|
|
goto bad_done;
|
|
|
|
if (strlen(newfile)) {
|
|
request->hr_oldfile = request->hr_file;
|
|
request->hr_file = newfile;
|
|
}
|
|
|
|
if (bozo_process_cgi(request))
|
|
return 0;
|
|
|
|
debug((httpd, DEBUG_FAT, "transform_request set: %s", newfile));
|
|
return 1;
|
|
bad_done:
|
|
debug((httpd, DEBUG_FAT, "transform_request returning: 0"));
|
|
if (newfile)
|
|
free(newfile);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* can_gzip checks if the request supports and prefers gzip encoding.
|
|
*
|
|
* XXX: we do not consider the associated q with gzip in making our
|
|
* decision which is broken.
|
|
*/
|
|
|
|
static int
|
|
can_gzip(bozo_httpreq_t *request)
|
|
{
|
|
const char *pos;
|
|
const char *tmp;
|
|
size_t len;
|
|
|
|
/* First we decide if the request can be gzipped at all. */
|
|
|
|
/* not if we already are encoded... */
|
|
tmp = bozo_content_encoding(request, request->hr_file);
|
|
if (tmp && *tmp)
|
|
return 0;
|
|
|
|
/* not if we are not asking for the whole file... */
|
|
if (request->hr_last_byte_pos != -1 || request->hr_have_range)
|
|
return 0;
|
|
|
|
/* Then we determine if gzip is on the cards. */
|
|
|
|
for (pos = request->hr_accept_encoding; pos && *pos; pos += len) {
|
|
while (*pos == ' ')
|
|
pos++;
|
|
|
|
len = strcspn(pos, ";,");
|
|
|
|
if ((len == 4 && strncasecmp("gzip", pos, 4) == 0) ||
|
|
(len == 6 && strncasecmp("x-gzip", pos, 6) == 0))
|
|
return 1;
|
|
|
|
if (pos[len] == ';')
|
|
len += strcspn(&pos[len], ",");
|
|
|
|
if (pos[len])
|
|
len++;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* bozo_process_request does the following:
|
|
* - check the request is valid
|
|
* - process cgi-bin if necessary
|
|
* - transform a filename if necesarry
|
|
* - return the HTTP request
|
|
*/
|
|
void
|
|
bozo_process_request(bozo_httpreq_t *request)
|
|
{
|
|
bozohttpd_t *httpd = request->hr_httpd;
|
|
struct stat sb;
|
|
time_t timestamp;
|
|
char *file;
|
|
const char *type, *encoding;
|
|
int fd, isindex;
|
|
|
|
/*
|
|
* note that transform_request chdir()'s if required. also note
|
|
* that cgi is handed here. if transform_request() returns 0
|
|
* then the request has been handled already.
|
|
*/
|
|
if (transform_request(request, &isindex) == 0)
|
|
return;
|
|
|
|
fd = -1;
|
|
encoding = NULL;
|
|
if (can_gzip(request)) {
|
|
asprintf(&file, "%s.gz", request->hr_file);
|
|
fd = open(file, O_RDONLY);
|
|
if (fd >= 0)
|
|
encoding = "gzip";
|
|
free(file);
|
|
}
|
|
|
|
file = request->hr_file;
|
|
|
|
if (fd < 0)
|
|
fd = open(file, O_RDONLY);
|
|
|
|
if (fd < 0) {
|
|
debug((httpd, DEBUG_FAT, "open failed: %s", strerror(errno)));
|
|
if (errno == EPERM)
|
|
(void)bozo_http_error(httpd, 403, request,
|
|
"no permission to open file");
|
|
else if (errno == ENOENT) {
|
|
if (!bozo_dir_index(request, file, isindex))
|
|
(void)bozo_http_error(httpd, 404, request,
|
|
"no file");
|
|
} else
|
|
(void)bozo_http_error(httpd, 500, request, "open file");
|
|
goto cleanup_nofd;
|
|
}
|
|
if (fstat(fd, &sb) < 0) {
|
|
(void)bozo_http_error(httpd, 500, request, "can't fstat");
|
|
goto cleanup;
|
|
}
|
|
if (S_ISDIR(sb.st_mode)) {
|
|
handle_redirect(request, NULL, 0);
|
|
goto cleanup;
|
|
}
|
|
|
|
if (request->hr_if_modified_since &&
|
|
parse_http_date(request->hr_if_modified_since, ×tamp) &&
|
|
timestamp >= sb.st_mtime) {
|
|
/* XXX ignore subsecond of timestamp */
|
|
bozo_printf(httpd, "%s 304 Not Modified\r\n",
|
|
request->hr_proto);
|
|
bozo_printf(httpd, "\r\n");
|
|
bozo_flush(httpd, stdout);
|
|
goto cleanup;
|
|
}
|
|
|
|
/* validate requested range */
|
|
if (request->hr_last_byte_pos == -1 ||
|
|
request->hr_last_byte_pos >= sb.st_size)
|
|
request->hr_last_byte_pos = sb.st_size - 1;
|
|
if (request->hr_have_range &&
|
|
request->hr_first_byte_pos > request->hr_last_byte_pos) {
|
|
request->hr_have_range = 0; /* punt */
|
|
request->hr_first_byte_pos = 0;
|
|
request->hr_last_byte_pos = sb.st_size - 1;
|
|
}
|
|
debug((httpd, DEBUG_FAT, "have_range %d first_pos %lld last_pos %lld",
|
|
request->hr_have_range,
|
|
(long long)request->hr_first_byte_pos,
|
|
(long long)request->hr_last_byte_pos));
|
|
if (request->hr_have_range)
|
|
bozo_printf(httpd, "%s 206 Partial Content\r\n",
|
|
request->hr_proto);
|
|
else
|
|
bozo_printf(httpd, "%s 200 OK\r\n", request->hr_proto);
|
|
|
|
if (request->hr_proto != httpd->consts.http_09) {
|
|
type = bozo_content_type(request, file);
|
|
if (!encoding)
|
|
encoding = bozo_content_encoding(request, file);
|
|
|
|
bozo_print_header(request, &sb, type, encoding);
|
|
bozo_printf(httpd, "\r\n");
|
|
}
|
|
bozo_flush(httpd, stdout);
|
|
|
|
if (request->hr_method != HTTP_HEAD) {
|
|
off_t szleft, cur_byte_pos;
|
|
|
|
szleft =
|
|
request->hr_last_byte_pos - request->hr_first_byte_pos + 1;
|
|
cur_byte_pos = request->hr_first_byte_pos;
|
|
|
|
retry:
|
|
while (szleft) {
|
|
size_t sz;
|
|
|
|
/* This should take care of the first unaligned chunk */
|
|
if ((cur_byte_pos & (httpd->page_size - 1)) != 0)
|
|
sz = (size_t)(cur_byte_pos & ~httpd->page_size);
|
|
if ((off_t)httpd->mmapsz < szleft)
|
|
sz = httpd->mmapsz;
|
|
else
|
|
sz = (size_t)szleft;
|
|
if (mmap_and_write_part(httpd, fd, cur_byte_pos, sz)) {
|
|
if (errno == ENOMEM) {
|
|
httpd->mmapsz /= 2;
|
|
if (httpd->mmapsz >= httpd->page_size)
|
|
goto retry;
|
|
}
|
|
goto cleanup;
|
|
}
|
|
cur_byte_pos += sz;
|
|
szleft -= sz;
|
|
}
|
|
}
|
|
cleanup:
|
|
close(fd);
|
|
cleanup_nofd:
|
|
close(STDIN_FILENO);
|
|
close(STDOUT_FILENO);
|
|
/*close(STDERR_FILENO);*/
|
|
}
|
|
|
|
/* make sure we're not trying to access special files */
|
|
int
|
|
bozo_check_special_files(bozo_httpreq_t *request, const char *name)
|
|
{
|
|
bozohttpd_t *httpd = request->hr_httpd;
|
|
|
|
/* ensure basename(name) != special files */
|
|
if (strcmp(name, DIRECT_ACCESS_FILE) == 0)
|
|
return bozo_http_error(httpd, 403, request,
|
|
"no permission to open direct access file");
|
|
if (strcmp(name, REDIRECT_FILE) == 0)
|
|
return bozo_http_error(httpd, 403, request,
|
|
"no permission to open redirect file");
|
|
if (strcmp(name, ABSREDIRECT_FILE) == 0)
|
|
return bozo_http_error(httpd, 403, request,
|
|
"no permission to open redirect file");
|
|
return bozo_auth_check_special_files(request, name);
|
|
}
|
|
|
|
/* generic header printing routine */
|
|
void
|
|
bozo_print_header(bozo_httpreq_t *request,
|
|
struct stat *sbp, const char *type, const char *encoding)
|
|
{
|
|
bozohttpd_t *httpd = request->hr_httpd;
|
|
off_t len;
|
|
char date[40];
|
|
|
|
bozo_printf(httpd, "Date: %s\r\n", bozo_http_date(date, sizeof(date)));
|
|
bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
|
|
bozo_printf(httpd, "Accept-Ranges: bytes\r\n");
|
|
if (sbp) {
|
|
char filedate[40];
|
|
struct tm *tm;
|
|
|
|
tm = gmtime(&sbp->st_mtime);
|
|
strftime(filedate, sizeof filedate,
|
|
"%a, %d %b %Y %H:%M:%S GMT", tm);
|
|
bozo_printf(httpd, "Last-Modified: %s\r\n", filedate);
|
|
}
|
|
if (type && *type)
|
|
bozo_printf(httpd, "Content-Type: %s\r\n", type);
|
|
if (encoding && *encoding)
|
|
bozo_printf(httpd, "Content-Encoding: %s\r\n", encoding);
|
|
if (sbp) {
|
|
if (request->hr_have_range) {
|
|
len = request->hr_last_byte_pos -
|
|
request->hr_first_byte_pos +1;
|
|
bozo_printf(httpd,
|
|
"Content-Range: bytes %qd-%qd/%qd\r\n",
|
|
(long long) request->hr_first_byte_pos,
|
|
(long long) request->hr_last_byte_pos,
|
|
(long long) sbp->st_size);
|
|
} else
|
|
len = sbp->st_size;
|
|
bozo_printf(httpd, "Content-Length: %qd\r\n", (long long)len);
|
|
}
|
|
if (request && request->hr_proto == httpd->consts.http_11)
|
|
bozo_printf(httpd, "Connection: close\r\n");
|
|
bozo_flush(httpd, stdout);
|
|
}
|
|
|
|
#ifndef NO_DEBUG
|
|
void
|
|
debug__(bozohttpd_t *httpd, int level, const char *fmt, ...)
|
|
{
|
|
va_list ap;
|
|
int savederrno;
|
|
|
|
/* only log if the level is low enough */
|
|
if (httpd->debug < level)
|
|
return;
|
|
|
|
savederrno = errno;
|
|
va_start(ap, fmt);
|
|
if (httpd->logstderr) {
|
|
vfprintf(stderr, fmt, ap);
|
|
fputs("\n", stderr);
|
|
} else
|
|
vsyslog(LOG_DEBUG, fmt, ap);
|
|
va_end(ap);
|
|
errno = savederrno;
|
|
}
|
|
#endif /* NO_DEBUG */
|
|
|
|
/* these are like warn() and err(), except for syslog not stderr */
|
|
void
|
|
bozo_warn(bozohttpd_t *httpd, const char *fmt, ...)
|
|
{
|
|
va_list ap;
|
|
|
|
va_start(ap, fmt);
|
|
if (httpd->logstderr || isatty(STDERR_FILENO)) {
|
|
//fputs("warning: ", stderr);
|
|
vfprintf(stderr, fmt, ap);
|
|
fputs("\n", stderr);
|
|
} else
|
|
vsyslog(LOG_INFO, fmt, ap);
|
|
va_end(ap);
|
|
}
|
|
|
|
void
|
|
bozo_err(bozohttpd_t *httpd, int code, const char *fmt, ...)
|
|
{
|
|
va_list ap;
|
|
|
|
va_start(ap, fmt);
|
|
if (httpd->logstderr || isatty(STDERR_FILENO)) {
|
|
//fputs("error: ", stderr);
|
|
vfprintf(stderr, fmt, ap);
|
|
fputs("\n", stderr);
|
|
} else
|
|
vsyslog(LOG_ERR, fmt, ap);
|
|
va_end(ap);
|
|
exit(code);
|
|
}
|
|
|
|
/* this escape HTML tags */
|
|
static void
|
|
escape_html(bozo_httpreq_t *request)
|
|
{
|
|
int i, j;
|
|
char *url = request->hr_file, *tmp;
|
|
|
|
for (i = 0, j = 0; url[i]; i++) {
|
|
switch (url[i]) {
|
|
case '<':
|
|
case '>':
|
|
j += 4;
|
|
break;
|
|
case '&':
|
|
j += 5;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (j == 0)
|
|
return;
|
|
|
|
if ((tmp = (char *) malloc(strlen(url) + j)) == 0)
|
|
/*
|
|
* ouch, but we are only called from an error context, and
|
|
* most paths here come from malloc(3) failures anyway...
|
|
* we could completely punt and just exit, but isn't returning
|
|
* an not-quite-correct error better than nothing at all?
|
|
*/
|
|
return;
|
|
|
|
for (i = 0, j = 0; url[i]; i++) {
|
|
switch (url[i]) {
|
|
case '<':
|
|
memcpy(tmp + j, "<", 4);
|
|
j += 4;
|
|
break;
|
|
case '>':
|
|
memcpy(tmp + j, ">", 4);
|
|
j += 4;
|
|
break;
|
|
case '&':
|
|
memcpy(tmp + j, "&", 5);
|
|
j += 5;
|
|
break;
|
|
default:
|
|
tmp[j++] = url[i];
|
|
}
|
|
}
|
|
tmp[j] = 0;
|
|
|
|
free(request->hr_file);
|
|
request->hr_file = tmp;
|
|
}
|
|
|
|
/* short map between error code, and short/long messages */
|
|
static struct errors_map {
|
|
int code; /* HTTP return code */
|
|
const char *shortmsg; /* short version of message */
|
|
const char *longmsg; /* long version of message */
|
|
} errors_map[] = {
|
|
{ 400, "400 Bad Request", "The request was not valid", },
|
|
{ 401, "401 Unauthorized", "No authorization", },
|
|
{ 403, "403 Forbidden", "Access to this item has been denied",},
|
|
{ 404, "404 Not Found", "This item has not been found", },
|
|
{ 408, "408 Request Timeout", "This request took too long", },
|
|
{ 417, "417 Expectation Failed","Expectations not available", },
|
|
{ 500, "500 Internal Error", "An error occured on the server", },
|
|
{ 501, "501 Not Implemented", "This request is not available", },
|
|
{ 0, NULL, NULL, },
|
|
};
|
|
|
|
static const char *help = "DANGER! WILL ROBINSON! DANGER!";
|
|
|
|
static const char *
|
|
http_errors_short(int code)
|
|
{
|
|
struct errors_map *ep;
|
|
|
|
for (ep = errors_map; ep->code; ep++)
|
|
if (ep->code == code)
|
|
return (ep->shortmsg);
|
|
return (help);
|
|
}
|
|
|
|
static const char *
|
|
http_errors_long(int code)
|
|
{
|
|
struct errors_map *ep;
|
|
|
|
for (ep = errors_map; ep->code; ep++)
|
|
if (ep->code == code)
|
|
return (ep->longmsg);
|
|
return (help);
|
|
}
|
|
|
|
/* the follow functions and variables are used in handling HTTP errors */
|
|
/* ARGSUSED */
|
|
int
|
|
bozo_http_error(bozohttpd_t *httpd, int code, bozo_httpreq_t *request,
|
|
const char *msg)
|
|
{
|
|
char portbuf[20];
|
|
const char *header = http_errors_short(code);
|
|
const char *reason = http_errors_long(code);
|
|
const char *proto = (request && request->hr_proto) ?
|
|
request->hr_proto : httpd->consts.http_11;
|
|
int size;
|
|
|
|
debug((httpd, DEBUG_FAT, "bozo_http_error %d: %s", code, msg));
|
|
if (header == NULL || reason == NULL) {
|
|
bozo_err(httpd, 1,
|
|
"bozo_http_error() failed (short = %p, long = %p)",
|
|
header, reason);
|
|
return code;
|
|
}
|
|
|
|
if (request && request->hr_serverport &&
|
|
strcmp(request->hr_serverport, "80") != 0)
|
|
snprintf(portbuf, sizeof(portbuf), ":%s",
|
|
request->hr_serverport);
|
|
else
|
|
portbuf[0] = '\0';
|
|
|
|
if (request && request->hr_file) {
|
|
escape_html(request);
|
|
size = snprintf(httpd->errorbuf, BUFSIZ,
|
|
"<html><head><title>%s</title></head>\n"
|
|
"<body><h1>%s</h1>\n"
|
|
"%s: <pre>%s</pre>\n"
|
|
"<hr><address><a href=\"http://%s%s/\">%s%s</a></address>\n"
|
|
"</body></html>\n",
|
|
header, header, request->hr_file, reason,
|
|
httpd->virthostname, portbuf, httpd->virthostname, portbuf);
|
|
if (size >= (int)BUFSIZ) {
|
|
bozo_warn(httpd,
|
|
"bozo_http_error buffer too small, truncated");
|
|
size = (int)BUFSIZ;
|
|
}
|
|
} else
|
|
size = 0;
|
|
|
|
bozo_printf(httpd, "%s %s\r\n", proto, header);
|
|
if (request)
|
|
bozo_auth_check_401(request, code);
|
|
|
|
bozo_printf(httpd, "Content-Type: text/html\r\n");
|
|
bozo_printf(httpd, "Content-Length: %d\r\n", size);
|
|
bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
|
|
if (request && request->hr_allow)
|
|
bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow);
|
|
bozo_printf(httpd, "\r\n");
|
|
if (size)
|
|
bozo_printf(httpd, "%s", httpd->errorbuf);
|
|
bozo_flush(httpd, stdout);
|
|
|
|
return code;
|
|
}
|
|
|
|
/* Below are various modified libc functions */
|
|
|
|
/*
|
|
* returns -1 in lenp if the string ran out before finding a delimiter,
|
|
* but is otherwise the same as strsep. Note that the length must be
|
|
* correctly passed in.
|
|
*/
|
|
char *
|
|
bozostrnsep(char **strp, const char *delim, ssize_t *lenp)
|
|
{
|
|
char *s;
|
|
const char *spanp;
|
|
int c, sc;
|
|
char *tok;
|
|
|
|
if ((s = *strp) == NULL)
|
|
return (NULL);
|
|
for (tok = s;;) {
|
|
if (lenp && --(*lenp) == -1)
|
|
return (NULL);
|
|
c = *s++;
|
|
spanp = delim;
|
|
do {
|
|
if ((sc = *spanp++) == c) {
|
|
if (c == 0)
|
|
s = NULL;
|
|
else
|
|
s[-1] = '\0';
|
|
*strp = s;
|
|
return (tok);
|
|
}
|
|
} while (sc != 0);
|
|
}
|
|
/* NOTREACHED */
|
|
}
|
|
|
|
/*
|
|
* inspired by fgetln(3), but works for fd's. should work identically
|
|
* except it, however, does *not* return the newline, and it does nul
|
|
* terminate the string.
|
|
*/
|
|
char *
|
|
bozodgetln(bozohttpd_t *httpd, int fd, ssize_t *lenp,
|
|
ssize_t (*readfn)(bozohttpd_t *, int, void *, size_t))
|
|
{
|
|
ssize_t len;
|
|
int got_cr = 0;
|
|
char c, *nbuffer;
|
|
|
|
/* initialise */
|
|
if (httpd->getln_buflen == 0) {
|
|
/* should be plenty for most requests */
|
|
httpd->getln_buflen = 128;
|
|
httpd->getln_buffer = malloc((size_t)httpd->getln_buflen);
|
|
if (httpd->getln_buffer == NULL) {
|
|
httpd->getln_buflen = 0;
|
|
return NULL;
|
|
}
|
|
}
|
|
len = 0;
|
|
|
|
/*
|
|
* we *have* to read one byte at a time, to not break cgi
|
|
* programs (for we pass stdin off to them). could fix this
|
|
* by becoming a fd-passing program instead of just exec'ing
|
|
* the program
|
|
*
|
|
* the above is no longer true, we are the fd-passing
|
|
* program already.
|
|
*/
|
|
for (; readfn(httpd, fd, &c, 1) == 1; ) {
|
|
debug((httpd, DEBUG_EXPLODING, "bozodgetln read %c", c));
|
|
|
|
if (len >= httpd->getln_buflen - 1) {
|
|
httpd->getln_buflen *= 2;
|
|
debug((httpd, DEBUG_EXPLODING, "bozodgetln: "
|
|
"reallocating buffer to buflen %zu",
|
|
httpd->getln_buflen));
|
|
nbuffer = bozorealloc(httpd, httpd->getln_buffer,
|
|
(size_t)httpd->getln_buflen);
|
|
httpd->getln_buffer = nbuffer;
|
|
}
|
|
|
|
httpd->getln_buffer[len++] = c;
|
|
if (c == '\r') {
|
|
got_cr = 1;
|
|
continue;
|
|
} else if (c == '\n') {
|
|
/*
|
|
* HTTP/1.1 spec says to ignore CR and treat
|
|
* LF as the real line terminator. even though
|
|
* the same spec defines CRLF as the line
|
|
* terminator, it is recommended in section 19.3
|
|
* to do the LF trick for tolerance.
|
|
*/
|
|
if (got_cr)
|
|
len -= 2;
|
|
else
|
|
len -= 1;
|
|
break;
|
|
}
|
|
|
|
}
|
|
httpd->getln_buffer[len] = '\0';
|
|
debug((httpd, DEBUG_OBESE, "bozodgetln returns: ``%s'' with len %zd",
|
|
httpd->getln_buffer, len));
|
|
*lenp = len;
|
|
return httpd->getln_buffer;
|
|
}
|
|
|
|
void *
|
|
bozorealloc(bozohttpd_t *httpd, void *ptr, size_t size)
|
|
{
|
|
void *p;
|
|
|
|
p = realloc(ptr, size);
|
|
if (p == NULL) {
|
|
(void)bozo_http_error(httpd, 500, NULL,
|
|
"memory allocation failure");
|
|
exit(1);
|
|
}
|
|
return (p);
|
|
}
|
|
|
|
void *
|
|
bozomalloc(bozohttpd_t *httpd, size_t size)
|
|
{
|
|
void *p;
|
|
|
|
p = malloc(size);
|
|
if (p == NULL) {
|
|
(void)bozo_http_error(httpd, 500, NULL,
|
|
"memory allocation failure");
|
|
exit(1);
|
|
}
|
|
return (p);
|
|
}
|
|
|
|
char *
|
|
bozostrdup(bozohttpd_t *httpd, const char *str)
|
|
{
|
|
char *p;
|
|
|
|
p = strdup(str);
|
|
if (p == NULL) {
|
|
(void)bozo_http_error(httpd, 500, NULL,
|
|
"memory allocation failure");
|
|
exit(1);
|
|
}
|
|
return (p);
|
|
}
|
|
|
|
/* set default values in bozohttpd_t struct */
|
|
int
|
|
bozo_init_httpd(bozohttpd_t *httpd)
|
|
{
|
|
/* make sure everything is clean */
|
|
(void) memset(httpd, 0x0, sizeof(*httpd));
|
|
|
|
/* constants */
|
|
httpd->consts.http_09 = "HTTP/0.9";
|
|
httpd->consts.http_10 = "HTTP/1.0";
|
|
httpd->consts.http_11 = "HTTP/1.1";
|
|
httpd->consts.text_plain = "text/plain";
|
|
|
|
/* mmap region size */
|
|
httpd->mmapsz = BOZO_MMAPSZ;
|
|
|
|
/* error buffer for bozo_http_error() */
|
|
if ((httpd->errorbuf = malloc(BUFSIZ)) == NULL) {
|
|
(void) fprintf(stderr,
|
|
"bozohttpd: memory_allocation failure\n");
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
/* set default values in bozoprefs_t struct */
|
|
int
|
|
bozo_init_prefs(bozoprefs_t *prefs)
|
|
{
|
|
/* make sure everything is clean */
|
|
(void) memset(prefs, 0x0, sizeof(*prefs));
|
|
|
|
/* set up default values */
|
|
bozo_set_pref(prefs, "server software", SERVER_SOFTWARE);
|
|
bozo_set_pref(prefs, "index.html", INDEX_HTML);
|
|
bozo_set_pref(prefs, "public_html", PUBLIC_HTML);
|
|
|
|
return 1;
|
|
}
|
|
|
|
/* set default values */
|
|
int
|
|
bozo_set_defaults(bozohttpd_t *httpd, bozoprefs_t *prefs)
|
|
{
|
|
return bozo_init_httpd(httpd) && bozo_init_prefs(prefs);
|
|
}
|
|
|
|
/* set the virtual host name, port and root */
|
|
int
|
|
bozo_setup(bozohttpd_t *httpd, bozoprefs_t *prefs, const char *vhost,
|
|
const char *root)
|
|
{
|
|
struct passwd *pw;
|
|
extern char **environ;
|
|
static char *cleanenv[1] = { NULL };
|
|
uid_t uid;
|
|
char *chrootdir;
|
|
char *username;
|
|
char *portnum;
|
|
char *cp;
|
|
int dirtyenv;
|
|
|
|
dirtyenv = 0;
|
|
|
|
if (vhost == NULL) {
|
|
httpd->virthostname = bozomalloc(httpd, MAXHOSTNAMELEN+1);
|
|
/* XXX we do not check for FQDN here */
|
|
if (gethostname(httpd->virthostname, MAXHOSTNAMELEN+1) < 0)
|
|
bozo_err(httpd, 1, "gethostname");
|
|
httpd->virthostname[MAXHOSTNAMELEN] = '\0';
|
|
} else {
|
|
httpd->virthostname = strdup(vhost);
|
|
}
|
|
httpd->slashdir = strdup(root);
|
|
if ((portnum = bozo_get_pref(prefs, "port number")) != NULL) {
|
|
httpd->bindport = strdup(portnum);
|
|
}
|
|
|
|
/* go over preferences now */
|
|
if ((cp = bozo_get_pref(prefs, "numeric")) != NULL &&
|
|
strcmp(cp, "true") == 0) {
|
|
httpd->numeric = 1;
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "trusted referal")) != NULL &&
|
|
strcmp(cp, "true") == 0) {
|
|
httpd->untrustedref = 1;
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "log to stderr")) != NULL &&
|
|
strcmp(cp, "true") == 0) {
|
|
httpd->logstderr = 1;
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "bind address")) != NULL) {
|
|
httpd->bindaddress = strdup(cp);
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "background")) != NULL) {
|
|
httpd->background = atoi(cp);
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "foreground")) != NULL &&
|
|
strcmp(cp, "true") == 0) {
|
|
httpd->foreground = 1;
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "pid file")) != NULL) {
|
|
httpd->pidfile = strdup(cp);
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "unknown slash")) != NULL &&
|
|
strcmp(cp, "true") == 0) {
|
|
httpd->unknown_slash = 1;
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "virtual base")) != NULL) {
|
|
httpd->virtbase = strdup(cp);
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "enable users")) != NULL &&
|
|
strcmp(cp, "true") == 0) {
|
|
httpd->enable_users = 1;
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "dirty environment")) != NULL &&
|
|
strcmp(cp, "true") == 0) {
|
|
dirtyenv = 1;
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "hide dots")) != NULL &&
|
|
strcmp(cp, "true") == 0) {
|
|
httpd->hide_dots = 1;
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "directory indexing")) != NULL &&
|
|
strcmp(cp, "true") == 0) {
|
|
httpd->dir_indexing = 1;
|
|
}
|
|
if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) {
|
|
httpd->public_html = strdup(cp);
|
|
}
|
|
httpd->server_software =
|
|
strdup(bozo_get_pref(prefs, "server software"));
|
|
httpd->index_html = strdup(bozo_get_pref(prefs, "index.html"));
|
|
|
|
/*
|
|
* initialise ssl and daemon mode if necessary.
|
|
*/
|
|
bozo_ssl_init(httpd);
|
|
bozo_daemon_init(httpd);
|
|
|
|
if ((username = bozo_get_pref(prefs, "username")) == NULL) {
|
|
if ((pw = getpwuid(uid = 0)) == NULL)
|
|
bozo_err(httpd, 1, "getpwuid(0): %s", strerror(errno));
|
|
httpd->username = strdup(pw->pw_name);
|
|
} else {
|
|
httpd->username = strdup(username);
|
|
if ((pw = getpwnam(httpd->username)) == NULL)
|
|
bozo_err(httpd, 1, "getpwnam(%s): %s", httpd->username,
|
|
strerror(errno));
|
|
if (initgroups(pw->pw_name, pw->pw_gid) == -1)
|
|
bozo_err(httpd, 1, "initgroups: %s", strerror(errno));
|
|
if (setgid(pw->pw_gid) == -1)
|
|
bozo_err(httpd, 1, "setgid(%u): %s", pw->pw_gid,
|
|
strerror(errno));
|
|
uid = pw->pw_uid;
|
|
}
|
|
/*
|
|
* handle chroot.
|
|
*/
|
|
if ((chrootdir = bozo_get_pref(prefs, "chroot dir")) != NULL) {
|
|
httpd->rootdir = strdup(chrootdir);
|
|
if (chdir(httpd->rootdir) == -1)
|
|
bozo_err(httpd, 1, "chdir(%s): %s", httpd->rootdir,
|
|
strerror(errno));
|
|
if (chroot(httpd->rootdir) == -1)
|
|
bozo_err(httpd, 1, "chroot(%s): %s", httpd->rootdir,
|
|
strerror(errno));
|
|
}
|
|
|
|
if (username != NULL)
|
|
if (setuid(uid) == -1)
|
|
bozo_err(httpd, 1, "setuid(%d): %s", uid,
|
|
strerror(errno));
|
|
|
|
/*
|
|
* prevent info leakage between different compartments.
|
|
* some PATH values in the environment would be invalided
|
|
* by chroot. cross-user settings might result in undesirable
|
|
* effects.
|
|
*/
|
|
if ((chrootdir != NULL || username != NULL) && !dirtyenv)
|
|
environ = cleanenv;
|
|
|
|
#ifdef _SC_PAGESIZE
|
|
httpd->page_size = (long)sysconf(_SC_PAGESIZE);
|
|
#else
|
|
httpd->page_size = 4096;
|
|
#endif
|
|
debug((httpd, DEBUG_OBESE, "myname is %s, slashdir is %s",
|
|
httpd->virthostname, httpd->slashdir));
|
|
|
|
return 1;
|
|
}
|